Cybersecurity

In the past two years, hackers have increasingly targeted Internet of Things devices to breach cybersecurity defenses. Because these devices are frequently not patched when software flaws are found, they represent a soft target for attackers. In 2017, 15 percent of all successful attacks exploited one of these device’s beachheads. By 2019, that number increased to 26 percent of all incidents with growth expected to continue, according to a recent analysis performed by Ponemon Institute.

ASIRTek Federal Services LLC, San Antonio, Texas, has been awarded a $78,000,000 firm-fixed-price contract for information security support services.  This contract provides for proactive support of the foundational pillars of this requirement, which are cybersecurity improvement initiatives and cybersecurity support. Work will be performed at Joint Base San Antonio-Lackland, Texas. Additional on-site support locations may include Joint Base Langley-Eustis, Virginia; Robins Air Force Base, Georgia; Tyndall AFB, Florida; Randolph AFB, Texas; and Davis-Monthan AFB, Arizona.  Work is expected to be completed June 28, 2025. This award is the result of a competitive acquisition with 24 offers received.

The efficiencies of using and embedding open source software (OSS) carry many risks. In the advent of free repositories and millions of open source projects, the notion of any reasonable centralized authentication about the origin or any assurance as to correctness is virtually impossible. As a result, users should cultivate trust relationships with a few suppliers and keep them up to date.

The Space Force has announced that the planned satellite hacking challenge known as Space Security Challenge 2020: Hack-A-Sat would proceed as planned, but in a virtual format due to the pandemic. The Department of the Air Force and the Defense Digital Service's (DDS's) event includes an online qualification event May 22-24, followed by a final August 7-9. During the final, participants will attempt to reverse-engineer representative ground-based and on-orbit satellite system components to overcome planted “flags” or software code.

ForAllSecure, a NEA portfolio company, announced that is will provide the Defense Department with a next-generation fuzzing solution under a $45 million contract with the Defense Innovation Unit. The company's software security product, known as Mayhem, will be used by several DOD entitieservices branches, including: the Air Force 96th Cyberspace Test Group, the Air Force 90th Cyberspace Operations Squadron, the Naval Sea Systems Command and the U.S. Army Command, Control, Communication, Computers, Cyber, Intelligence, Surveillance and Reconnaissance Center, according to the company. The product, which automatically finds software vulnerabilities, is a patented next-generation solution developed at Carnegie Mellon University.

Amid growing fears that U.S. military reliance on civilian space infrastructure might prove a weak point, two organizations are seeking to improve cybersecurity in the burgeoning satellite industry. The Orbital Security Alliance has published a detailed set of cybersecurity guidelines for commercial satellite operators, which aims specifically at smaller, newer companies in the fast-growing “minisat” sector.

Digital structures are needed to protect government information and operations. A group participating in a National Institute of Standards of Technology challenge is offering a secure cloud-based platform that can improve the digital and actual health of a city and protect its information.

Companies should not be intimidated by the multitiered Cybersecurity Maturity Model Certification (CMMC), says a panel of experts. The new system is geared for companies to approach it methodically as they learn more about its implementation and requirements.

In a remote session hosted by AFCEA’s Virtual CMMC Symposium, the panelists encouraged companies to proceed through its steps and seek advice from others, particularly prime contractors. Janey Nodeen, president, Burke Consortium Inc., said, “There is a path to success. It’s not as hard as you think, and at the end of the day it’s very, very valuable to your company.

“It is very much a crawl-walk-run approach, and don’t overthink it,” she added.

“The time is now” for companies to begin implementation of Cybersecurity Maturity Model Certification (CMMC) measures, said the chief information security officer for defense acquisition. Katie Arrington, speaking at AFCEA’s Virtual CMMC Symposium, told participants that many CMMC tenets constitute good practices that can—and should—be implemented even before the CMMC is formalized.

“Let’s not wait until it’s required; let’s do it now,” Arrington said. “The time is now.” She added that the country loses $600 billion a year to adversaries, and practicing basic cyber hygiene methods that will be part of CMMC level 1 standards will help companies immensely.